Russian hackers use satellites to hide attacks

A security company warned that a group of sophisticated Russian hackers is using commercial satellites to remain hidden while stealing data from diplomatic and military agencies in the United States and in Europe with the goal of gaining political and strategic information. Hackers are using the satellites to ensure their criminal activities are almost impossible to detect.

The group is called Turla, after the name of the malicious software it uses and has been active for more than eight years. Research company Kaspersky claims the hackers have infected computers in 45 countries, including the U.S. and China, by laundering their traffic through satellite Internet connections often used in sparsely populated areas, such as Africa.

The group takes advantage of the fact that older satellites do not encrypt data streaming to Earth, and it relies on unsuspecting users of satellite Internet service providers around the world.

"For us, it was very surprising," said Stefan Tanase, senior security researcher at Kaspersky Lab. "We've never seen a malicious operation that hijacked satellite” connections to obtain data and to cover its tracks. "This is the first group that we believe has done it. It allows you to achieve a much greater level of anonymity."

"It's probably one of the most effective methods of ensuring their operational security, or that nobody will ever find out the physical location of their command and control server," Tanase added. "I cannot think of a way of identifying the location of a command server. It can be anywhere in the range of the satellite beam."